VDB

GCVE-VVD-MAGEIA-2020-351

GCVE-VVD-MAGEIA-2020-351
Advisory Published
Vulnetix · Advisory published August 28, 2020
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection". (CVE-2020-14928) In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server. (CVE-2020-16117)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaevolution-data-server0 (affected), 3.32.2-1.2.mga7 (unaffected)

Aliases

CVE-2020-14928CVE-2020-16117

Transitive aliases

ALSA-2020:4649GSD-2020-16117EUVD-2020-7064BDU:2021-01745VVD-GENTOO-2020-730748OPENSUSE-SU-2021:0482-1SUSE-SU-2021:0949-1SUSE-SU-2021:0885-1GHSA-3rg7-72j5-5xpvALSA-2021:1752RHSA-2021:1752OPENSUSE-SU-2024:10744-1EUVD-2020-8083GHSA-j89v-2w65-5qmqSUSE-SU-2021:0891-1

References

Updated evolution-data-server packages fix security vulnerabilities
advisory
Updated evolution-data-server packages fix security vulnerabilities
issue
Updated evolution-data-server packages fix security vulnerabilities
advisory
Updated evolution-data-server packages fix security vulnerabilities
advisory
Updated evolution-data-server packages fix security vulnerabilities
advisory
Updated evolution-data-server packages fix security vulnerabilities
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›